我目前正在关注 Spring 文档 和一些有关网络安全的教程。但现在我有一个问题,我无法调用该方法
antMatchers
。这是我在构建项目时遇到的错误:
java: cannot find symbol
symbol: method antMatchers(java.lang.String)
location: variable requests of type org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.AuthorizationManagerRequestMatcherRegistry
根据我的理解,我应该能够使用这个方法,这样我就可以允许或不允许对某个URL的HTTP请求。所以我的问题是,为什么我不能使用
antMatchers()
方法?
SecurityConfiguration
班级:
package de.gabriel.vertretungsplan.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((requests) -> requests
.antMatchers("/vertretungsplan").hasAnyRole("SCHUELER", "LEHRER", "VERWALTUNG")
.anyRequest().authenticated()
)
.formLogin((form) -> form
.loginPage("/login")
.permitAll()
)
.logout((logout) -> logout.permitAll());
return http.build();
}
}
pom.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>de.gabriel</groupId>
<artifactId>vertretungsplan</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>vertretungsplan</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
在
antMatchers()
(以及 mvcMathcers()
regexMatchers()
如果您想知道此更改背后的理由是什么,请查看此链接:弃用尾部斜杠匹配。
requestMatchers()
被提供作为保护请求的统一方法。它促进了已从 API 中删除的配置方法的所有功能。
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(requests -> requests
.requestMatchers("/vertretungsplan").hasAnyRole("SCHUELER", "LEHRER", "VERWALTUNG")
.anyRequest().authenticated()
)
.formLogin(form -> form
.loginPage("/login")
.permitAll()
)
.logout(logout -> logout
.permitAll());
return http.build();
}
RequestMatcher 可以工作,但如果您在 AuthorizeHttpRequests 之前使用 antMatchers,现在您需要使用 .securityMatcher
像这样:
http
.securityMatcher("/api/**", "/app/**")
.authorizeHttpRequests((authz) -> authz
.requestMatchers("/api/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
);
查看 Spring 文档中的更多内容: Spring 文档
将这个遮阳篷留在这里,因为这是我需要的解决方案。
.requestMatchers("/assets/**").permitAll()
对我有用,但请确保检查您的链接与您插入的位置相同
例如
If you use:
<link href="assets/css/style.css" rel="stylesheet">
Here you need to use:
.requestMatchers("/assets/**").permitAll()
If you use:
<link href="resources/**" rel="stylesheet">
Here you need to use:
.requestMatchers("/resources/**").permitAll()